Merge remote-tracking branch 'origin/master'

src/main/resources/modules/SpringBoot/java/config/SecurityConfig.java

@@ -9,9 +9,9 @@ import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 import org.springframework.security.config.http.SessionCreationPolicy;
 import org.springframework.security.core.Authentication;
-import ${basePackage}.frame.base.Token;
-import ${basePackage}.frame.utils.CookieUtil;
-import ${basePackage}.frame.utils.LocalData;
+import xyz.wbsite.frame.base.Token;
+import xyz.wbsite.frame.utils.CookieUtil;
+import xyz.wbsite.frame.auth.LocalData;
 import javax.servlet.http.HttpServletRequest;
 
 @Configuration
@@ -20,16 +20,14 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
 
     @Value("${r"${web.url.auth.excluded}"}")
     private String[] excluded;
-    @Value("${r"${web.url.auth.included}"}")
-    private String[] included;
 
     @Override
     protected void configure(HttpSecurity http) throws Exception {
-        http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
-                .and()
+        http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()
                 .authorizeRequests()
+                .antMatchers(staticPath).permitAll()
                 .antMatchers(excluded).permitAll()
-                .antMatchers(included).access("@Authorization.hasPermission(request,authentication)")
+                .anyRequest().access("@Authorization.hasPermission(request,authentication)")
                 .and().cors()
                 .and().headers().frameOptions().disable()
                 .and().csrf().disable();
@@ -70,7 +68,7 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
                     //继承临时Token
                     token1.addResourceSet(LocalData.getTempToken());
                     //管理员特有资源(这边请用正则表达式)
-                    token1.putResource("/admin/.*\\.htm");
+                    token1.putResource(".*\\.htm");
                     LocalData.setToken(token1);
                 }
 

src/main/resources/modules/SpringBoot/resources/application-dev.ftl

@@ -2,7 +2,7 @@
 server.port=8080
 server.servlet.context-path=/
 spring.mvc.static-path-pattern=/static/**
-spring.resources.static-locations=classpath:static/
+spring.resources.static-locations=classpath:/META-INF/resources/,classpath:/resources/,classpath:/static/,classpath:/public/,file:/file-upload
 spring.application.name=${projectName?default("SpringBoot")}
 spring.main.banner-mode=CONSOLE
 spring.devtools.restart.enabled=true
@@ -16,10 +16,8 @@ spring.http.encoding.enabled=true
 server.tomcat.uri-encoding=UTF-8
 # 根路径、欢迎页
 web.welcome.page=/index.htm
-# 需要验证授权, 既访问时组装Token
-web.url.auth.included=/**
 # 不需要验证授权, 或该请求有自己的验证机制
-web.url.auth.excluded=/favicon.ico,/static/**,/api,/login.htm
+web.url.auth.excluded=/api,/,/index.htm,/home.htm,/login.htm
 # 日志配置
 logging.path=D://
 logging.levels=DEBUG

src/main/resources/modules/SpringBoot/resources/application-prod.ftl

@@ -2,7 +2,7 @@
 server.port=80
 server.servlet.context-path=/
 spring.mvc.static-path-pattern=/static/**
-spring.resources.static-locations=classpath:static/
+spring.resources.static-locations=classpath:/META-INF/resources/,classpath:/resources/,classpath:/static/,classpath:/public/,file:/file-upload
 spring.application.name=${projectName}
 spring.main.banner-mode=off
 spring.devtools.restart.enabled=false
@@ -16,8 +16,6 @@ spring.http.encoding.enabled=true
 server.tomcat.uri-encoding=UTF-8
 # 根路径、欢迎页
 web.welcome.page=/index.htm
-# 需要验证授权, 既访问时组装Token
-web.url.auth.included=/**
 # 不需要验证授权, 或该请求有自己的验证机制
 web.url.auth.excluded=/favicon.ico,/static/**,/api,/login.htm
 # 日志配置